Slashdot Mirror

← Back to Stories (view on slashdot.org)

Impressing Security Upon End-Users Visually?

Posted by Soulskill on from the shake-your-fist-and-glare dept.

get quad writes "I continually have to remind our end-users to be vigilant about the usual web security hazards, such as not clicking links in the occasional spam email that passes through our filters, avoiding suspicious websites, why some websites aren't entirely safe or appropriate for the work environment (Facebook apps, MySpace, remote access apps, proxies, etc), and the myriad other things an end-user can do to get into trouble. What I'm hoping to find are video or flash examples (mind you, in layman's terms) of what Web-based exploits/zero-day threats are capable of, how they can happen, and the harm they can ultimately cause — rather than posting links to technical docs the users will never bother to read. Getting the point across in a purely visual and less technical manner seems much more effective. Does anyone have any suggestions or experience with this type of training?"

4 of 157 comments (clear)

  1. So you are looking for a "Reefer Madness" movie... by John+Hasler · · Score: 3, Insightful

    ...about computer security? Those work so well.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  2. Re:Yell at them and make them feel like shit. by NoYob · · Score: 3, Insightful
    What some will do then is go out of their way to click on shit to fuck things up. Treating people like shit will never work.

    Then, if you work in a company, said stupid people will undermine you. They'll make sure mgt knows you're insulting and unprofessional. Anything breaks, they'll let their bosses know that you were the one who "fixed" it and that your fixes don't work.

    Treat people like children and they will usually act like children.

    --
    It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
  3. Videos help? by MrCrassic · · Score: 3, Insightful

    I figured that most people would treat videos on computer security like the videos that teachers would show at school. Their reaction?

    "NO WORK!!!"

    I think that what's most effective is just enforcing your security policies using Group Policy or other management tools on the network. That way, you KNOW that most people won't violate any policies set forth, and those that do are the ones that didn't need the training in the first place.

    If you're really adamant about educating your employees with videos and such, find REALLY GOOD videos that will hold their attention for their entire run. Remember, at the end of the day, those computers don't belong to them and most of them simply wish to get work done. Any teaching method which can exploit these two truths for educational value is probably worth watching.

  4. What's in it for them? by petes_PoV · · Score: 3, Insightful
    Viruses, worms etc. aren't really the users' problem - unless you can categorically point the finger at an individual and get them fired (as an example, pour les autres). Why should they care if THE COMPANY computers crash, or slow down or give them reasons why they can't do their job?

    So why should they go to the inconvenience of not clicking on links that they want to, or not visiting any website that takes their fancy? By appealing to their "professionalism" or "humanity" or "team spirit" you're probably on a loser. While these might get them gee-d up for a short time, you can bet that unless there's some personal pain involved in doing it, they'll be back to their old habits in a few weeks time.

    Once you can put security in terms a normal user will understand: i.e. If you click on a bad website, these bad things will happen TO YOU, they'll pay attention. Until then you haven't got a chance.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons